North Korean military blamed for “wiper” cyber attacks against South Korea

The South Korean government is pointing a finger toward Pyongyang in its assessment of last month's cyber-attacks on banks and media companies that affected thousands of computers and took electronic banking sites and ATM networks offline.

A report by South Korea's Ministry of Science, Information and Computer Technology, and Future Planning found evidence that the attack was carried out by North Korea's military intelligence, otherwise known as its "general reconnaissance bureau." The March 20 attack—which spread "wiper" malware that deleted the master boot record of PCs and attempted to delete volumes from Unix and Linux servers they were connected to—"resembled North Korea's past hacking patterns," a ministry spokesperson said in a Wednesday press briefing.

The attack targeted private citizens' computers as well as the website of an anti-North Korean organization and South Korean broadcaster YTN. Forensic evidence from the attack pointed directly to North Korean involvement. Six computers located at North Korean IP addresses were involved in spreading the malware used in the attacks, either directly or through proxies in China. The 76 malware samples collected by the investigation indicate that the attack was planned at least eight months ago, when the code was spread to victims' PCs. This was largely accomplished through e-mail attachments disguised as bank account statements.

The cyber attacks took place as North Korea ramped up its threats against South Korea and the US during joint military exercises. North Korea claims that it has been the victim of cyber-attacks by the US and its allies; Anonymous and numerous other "hacktivists" have taken credit for ongoing hacks of North Korean websites operated outside of North Korea.

Just this morning someone from accounting was asking me if "bankstatement.zip.blockedbyITcontacthelpdesk" was a legitimate file? Sent from sdfgsgag@domainA with domainB in the header, riddled with bad grammar?

a) No and a 6 year old ought to see that.

b) File is already blocked says so right there why are you asking me?

You're one of those IT guys. Just remember, if everyone knew everything we do, we wouldn't get paid as much as we do.

With all the latest threats made by North Korea to the U.S., the question is: why hack South Korea and leave the U.S. untouched? This makes no sense. Besides, North Korea and China have both claimed they were also victims.

South Korea has no excuse to whine. They have more than enough evidence sitting a mere artillery shell's throw across the border to be vigilant & defensive against cyber attack. If they haven't hardened their infrastructure then serves them bloody right.

South Korea would give it to North Korea by any means if they were certain the hacks came from North Korea. The suspicion is there; for the South, they don't believe it was from the North. The only big noise that keeps saying the hacks are from the North is the U.S. No one else thinks so. South Koreans are not some dumb asses.

The attack seemed quite rudimentary (email attachments, arguably 'borrowed' viruses), and well within North Korea's capabilities as far as we know them. Let's hope this war remains virtual.

The war will only end in the annihilation of the North Korean government and its military. The threats are already enough justification for a preemptive attack. It's about time South Korea and America put an end to this nonsense.

South Korea has no excuse to whine. They have more than enough evidence sitting a mere artillery shell's throw across the border to be vigilant & defensive against cyber attack. If they haven't hardened their infrastructure then serves them bloody right.

South Korea would give it to North Korea by any means if they were certain the hacks came from North Korea. The suspicion is there; for the South, they don't believe it was from the North. The only big noise that keeps saying the hacks are from the North is the U.S. No one else thinks so. South Koreans are not some dumb asses.

Oh really? You mean the same South Korea that did nothing in recent times when one of their ships was sunk and one of their islands was shelled by North Korea?

If the "South Koreans are not some dumb asses" then why are they allowing the Americans to spread FUD, assuming they are?

South Korea has no excuse to whine. They have more than enough evidence sitting a mere artillery shell's throw across the border to be vigilant & defensive against cyber attack. If they haven't hardened their infrastructure then serves them bloody right.

South Korea has indeed hardened their infrastructure. Here's how:

When you connect to a secure website, a pop-up window announces that in order to access this secure website, you have to install an ActiveX control called (as an example) "XSecure.OCX". So, you click "install", grant administrator rights, if requested, and then, after the control has installed, you can access the secure website. The ActiveX control is responsible for encrypting your communications with the secure website so that hackers can't eavesdrop on your session.

It works great and, no, no one would ever think of setting up a phishing site, substituting their own malicious ActiveX control that hijacks your machine into a botnet while keylogging your usage and stealing your passwords. That would never happen.

Just this morning someone from accounting was asking me if "bankstatement.zip.blockedbyITcontacthelpdesk" was a legitimate file? Sent from sdfgsgag@domainA with domainB in the header, riddled with bad grammar?

a) No and a 6 year old ought to see that.

b) File is already blocked says so right there why are you asking me?

You're one of those IT guys. Just remember, if everyone knew everything we do, we wouldn't get paid as much as we do.

The real problem is when you get this sort of question from the same user you got that question from last week, at which point you tried to explain to them why it was an obvious fake. After a while, you just have to give up or go crazy.

Some people just really lack the ability to think critically when it comes to computers for some reason - they just see a box that does magic. That's why social engineering still works so well in 2013.

South Korea has no excuse to whine. They have more than enough evidence sitting a mere artillery shell's throw across the border to be vigilant & defensive against cyber attack. If they haven't hardened their infrastructure then serves them bloody right.

South Korea would give it to North Korea by any means if they were certain the hacks came from North Korea. The suspicion is there; for the South, they don't believe it was from the North. The only big noise that keeps saying the hacks are from the North is the U.S. No one else thinks so. South Koreans are not some dumb asses.

Oh really? You mean the same South Korea that did nothing in recent times when one of their ships was sunk and one of their islands was shelled by North Korea?

If the "South Koreans are not some dumb asses" then why are they allowing the Americans to spread FUD, assuming they are?

I missed the "island" incident. I knew it had happened. Without knowing any more details, no comments.

On the second issue you brought up: How would you handle it if you knew your boss spread FUD? What would you say to your boss? You would pretend you heard nothing, right? But if you do have the nerve to give some feedback to your boss, "Dude, you are a damn liar," there will be two security guards showing up at your office before lunch break, and these security guards will escort you out of the building. Yes, you'll get your 5 minutes to pack your stuff.

You are not coming back, you hear?

North Korea's choice was not to live the way the South does, and that is under the claws of the West. Counting its nose hair. Yes sir, at your service.

Who does anyway when there is a choice for him to choose to live? There weren't any other options for the South. China? You've got to be kidding?

Hmm.. What's this word, "puppet"? I don't think the South likes the American politics that much if not for the North.

The war will only end in the annihilation of the North Korean government and its military. The threats are already enough justification for a preemptive attack. It's about time South Korea and America put an end to this nonsense.

You're pretty ignorant of the state of North Korea. 8,200,000 people are in the reserve military (that's 1/3rd of their population), and the citizens have been so brainwashed that to kill their leader would be to martyr him.

The "annihilation of [the] North Korean government and its military", as you put it, would be the end of the country as a whole. What's needed is reform, not annihilation, but that can't happen until the citizens start to see the truth of their desperate condition -- far from the "most prosperous nation" they believe they live in.

Now I must ask who is being brainwashed at this point: North Korea needed a "reform"?

What's wrong with its current government, except that the Americans keep saying they are communist?

But what the hell is wrong with communism?

Anyone know?

Just because something doesn't work for the Americans doesn't mean it won't work for the North Koreans. It worked for China and kept going strong until it reached a partial economic recovery during the mid-80s after WWII.

Like America, China now is a 100 percent capitalistic state. Probably even more capitalistic than the Americans.

Give North Korea a break for a change. It will change.

But no, we want to mess them up.. Because we could?

Do you know the North Koreans could blame their misfortune on the Americans for their not-so-"prosperous nation"? If not for the Americans, they probably would have done a whole lot better?

Surely you're joking? The government is one of the most oppressive on the planet today. People caught trying to flee the country are tortured and killed, along with their entire families. Millions live in hunger in North Korea today. "6 million hungry" was front-page news in the New York Times two years ago (March 2011). Less than a decade ago, an estimated 5 million died from starvation during a terrible famine. If America is to be blamed, it's for looking the other way with the rest of the world while egotistical leaders elevated themselves to godlike status by brainwashing a nation. History is your friend -- do some basic research on Korea (North and South) before posting drivel.

Sean Gallagher / Sean is Ars Technica's IT Editor. A former Navy officer, systems administrator, and network systems integrator with 20 years of IT journalism experience, he lives and works in Baltimore, Maryland.